GRC Analyst This is a fully remote role. D&H is growing. Join 100+ year old Employee-Owned technology distributor, offering end-to-end solutions for today's resellers, retailer, and the clients they serve across the SMB and Consumer markets.
- We are empowered by our employee co-owners who provide the industry's best service, and we promote a collaborative culture.
- We offer an Employee Stock Ownership Plan, 401k, Paid Time Off, Medical, Prescription, Dental and Vision benefits as well as Gym Reimbursement, Work from Home Reimbursement, Employee Purchase Program, Tuition Assistance and much more.
- As a D&H Co-Owner you receive numerous discounts on services.
- We feel strongly about giving back to the community and promoting sustainable, eco-friendly business practices.
- Distributing
- Perform all other duties as assigned by management in a professional and efficient manner
SUMMARY D&H Distributing is looking to hire a GRC Security Analyst to assist with managing the Governance, Risk, and Compliance (GRC) program. You will be responsible for developing and ensuring compliance with security policy, carrying out security assessments, and assisting with the development and management of a cybersecurity risk management program. Your experience should include exposure to common cybersecurity frameworks including NIST and ISO 27001. Auditing experience is preferred.
ESSENTIAL DUTIES AND RESPONSIBILITIES • Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
• Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
• Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
• Perform third party risk assessments to maintain oversight of third party vendors
• Manage and coordinate client assurance questionnaires, audits and assessments, and calls
• Help support various parts of the company to adopt/maintain a common risk and control framework
• Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations
• Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, ) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations
• Stay up to date on the latest security and industry trends including their compliance requirements
• Maintain familiarity with cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications
• Monitor environment for malicious behavior utilizing a variety of security tools and take appropriate remediation
• Coordinate across organization to ensure mutual success in protecting D&H
• Monitor changes to the environment to identify if those changes compromise security
• Investigate security breaches and other cybersecurity incidents with minimal assistance
• Work with the business units to remediate identified issues with minimal assistance
• Use the SIEM and analytics tools to monitor logs and understand baseline traffic of the organization
• Build rules within the SIEM to monitor for new or changed security threats
• Monitor network traffic for suspicious behavior and, with minimal guidance, determine if traffic is legitimate
• With minimal assistance, run vulnerability scans across the organization
• Assist in process improvements to enhance the efficiency of current operational procedures
• Participate in access control and governance including provisioning/deprovisioning and recertification of accounts
• Effectively deal with rapid change in a positive manner
• Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts
• Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing
• Perform all other duties as assigned by management in a professional and efficient manner
EDUCATION and/or EXPERIENCE Education
• Bachelor's degree in Cybersecurity or similar area of study required or equivalent years of related work experience
• 3 - 5 years of experience in cybersecurity
• Industry certifications (CEH, Security+, SANS, CISSP, OSCP, CCNA Security or similar) preferred
Experience
• Experience with system maintenance, monitoring, and alert resolution preferred
• Scripting experience in PowerShell, Python or Perl preferred
• NIST Standards, ISO 27001, and/or PCI DSS
• Security Policy Development
• User Access Reviews (UARs)
• Security and Privacy Impact Assessments (PIAs)
• Exposure to SOC2/SOX/etc.
• Auditing experience (preferred)
• ServiceNow (a plus)
EOE